Telenetworking Policy
Last updated: January 20, 2023
Introduction
- This policy sets out how Zoracom’s facilities and resources, and personal mobile devices registered under our BYOD Policy, must be used.
- This policy applies to all staff, including employees, contractors, interns, etc., working for, or under the control of, Zoracom.
Responsibilities
- This activity is carried out by knowledgeable staff from all levels and parts of the organization in the process:
- CISO
- Manager & Team-lead
- Staff
Mobile device standards
- Mobile devices are important tools for Zoracom solutions and their use is supported to achieve business goals.
- Security measures must be applied to mobile devices to reduce the risk associated with working remotely.
- All requests for mobile devices must be approved by the department manager.
- All mobile devices storing or accessing Company information must employ password controls and inactivity timeouts:
- Device must be locked with a 4 to 8-digit PIN or Password;
- Timeout period must not be longer than 5 minutes before locking device; and
- 10 failed PIN attempts will result in the Mobile Device being wiped of all data, including the employee’s personal data, photos, contacts, etc.
- Employees are prohibited from making illegal transactions, threats, harassing telephone calls or conduct of any other nature that violates the employee code of conduct policy while using their mobile device.
- The physical security of these devices is the responsibility of the user to whom the device has been assigned.
- Mobile devices that are lost, stolen or have been compromised must be reported immediately to the employee's manager and the local IT department.
- All mobile devices are required to be encrypted before any corporate data will be transmitted to the device.
- It is strictly forbidden to "root" (Android) or "jailbreak" (iOS) a corporate device.
- The mobile device will be remotely wiped if the device is lost, the employee terminates his or her employment and/or if the IT department detects a data or policy breach.
- Employees are required to follow all governing laws in their area regarding legal and proper use of that mobile device.
- Zoracom solution data must be removed from the user's mobile device immediately after termination of employment.
Bring Your Own Device Policy (BYOD): (If applicable)
- Zoracom remains committed to enabling staff to do their jobs as efficiently as possible through the use of technology. This policy sets out requirements for the use of personally owned smart phones, laptops and/or tablets by staff to access Zoracom’s information, resources and/or services.
- We respect the privacy of your personal device and will only request access to the device by technicians to implement security controls or to respond to legitimate discovery requests arising out of administrative, civil, or criminal proceedings. This differs from our policy for the equipment and/or services that we provide, where staff do not have the right, nor should they have the expectation, of privacy while using our equipment and/or services.
- This policy is intended to protect the security and integrity of our data and technology infrastructure. Limited exceptions to the policy may be authorized by the Team-lead due to variations in devices and platforms.
- BYOD registered devices are subject to all of our information security related policies and procedures.
- In particular, this policy is in addition to, and should be read alongside, our Acceptable Use Policy.
Approved Devices
- iPhone (List of models and users)
- iPad
- Android
- Laptops
- Windows
Note: Devices are registered, and users are responsible for their belongings and for issues related to connectivity. Zoracom does not give any assets to employees until it is necessary, and all confidential activities and security-related operations are handled by top management and are subject to security norms. Any supporting accessories are to be purchased by staff; such charges are not paid by Zoracom.
Working offsite/remote
- As stated above, Zoracom works mainly in a hybrid (onsite and remote) mode, and all confidential data activities are handled by top management. Supporting staff activities are designated for internal purposes, and the physical, logical and technology controls are identified and staff are trained to act accordingly.
- Additionally, mobile device users must take special measures to protect sensitive/critical information in these circumstances.
Mobile Device Policy
- Mobile device users must take special measures to:
- Ensure that sensitive/critical information is not compromised when using mobile devices and communication facilities, e.g., notebooks, palmtops, laptops, smart cards, and mobile phones.
- Ensure the regular backup of sensitive/critical business information and protect such backups from theft or loss of information when using mobile device facilities in public places, meeting rooms, and other unprotected areas outside of our premises.
- Ensure that special protection is deployed to avoid unauthorized access to or disclosure of the information stored and processed by these facilities, e.g., using cryptographic techniques.
- Avoid the risk of overlooking by unauthorized persons in public places, and ensure that equipment carrying sensitive/critical information is not left unattended and, where possible, is physically locked away or secured with special locks.
- Ensure that passwords or other authentication tokens are never stored on mobile devices where they may be stolen or used to permit unauthorized access to our information assets.
For example, options to automatically “remember” passwords should not be used. Always comply with company guidelines relating to mobile devices when working with other organizations.
Acceptable use of registered devices – refer to the Acceptable Use Policy
Mobile Device Security
- In order to prevent unauthorized access to working platforms, a password plugin is used to force users to create strong passwords and to change them.
- The registered device must lock itself with a password or PIN if it's idle for five minutes.
- After five failed attempts to enter a password, the device will be automatically locked – take the device to the IT Manager to have it unlocked.
- Rooted (Android) or jailbroken (iOS) devices are strictly forbidden.
- Smartphones and tablets that are not on the company's list of supported devices are not permitted to connect to our systems.
- Smartphones and tablets belonging to staff that are for personal use only are not permitted to connect to our systems.
- Staff access to our information is automatically limited as set out in our Access Control Policy.
- Staff must take all reasonable steps to prevent the theft or loss of registered devices.
- Staff are expected to maintain the registered device themselves and to ensure that its systems are regularly updated and patched.
- Staff are expected to be aware of, and comply with, any regulatory or other requirements regarding the handling of personal data.
- Lost or stolen devices must be reported to Zoracom as soon as is practicable and in every case within 24 hours.
- Staff are responsible for notifying their mobile carrier immediately upon loss of a registered device.
- A registered device/platform may be remotely wiped if:
- the device is lost or stolen
- the person ceases to be a member of staff
- Zoracom detects a data or policy breach
- Zoracom detects a virus or similar threat to the security of our information or technology infrastructure
Risks, Liabilities and Disclaimers
- While Zoracom will take every precaution to prevent any personal data from being lost in the event that a registered device must be remotely wiped, all staff are responsible for taking additional precautions, such as backing up email, contacts, etc.
- We reserve the right to disconnect registered devices or disable services without notification.
- Staff are always expected to use their registered devices in an ethical manner and to adhere to our Acceptable Use Policy.
- Staff are personally liable for all costs associated with their registered device.
Breaches of Policy
- Zoracom will take all necessary measures to remedy any breach of this policy including the use of our disciplinary or contractual processes where appropriate.